Dark Web in the Headlights

March 2, 2018

The dark web, the portion of the Internet that can be browsed anonymously through the use of different encryption technology, was a sector of the web utilized by a very, very small number of individuals. This exclusivity, coupled with the anonymity it provides, led it to become a popular space for illicit activity and fraudsters to wheel and deal. But these days, those incriminating activities are coming to light.

The nature of the dark web has changed. It began as a place to sell drugs without recourse, but today’s fraudster demands a new type of product…data. The use and sale of stolen personal data, financial and payment information, as well as account information/login are in high demand and readily available. As of September 2017, over 9 billion records have been lost or, more than likely, stolen. In comparison, the current world population is just over 7.6 billion. Information provided by Equifax’s UK division sheds a light on not only the types of data available, but just how available and inexpensive this data is:

  • Credit Cards: Dark web marketplaces sell not only the credit card numbers but also the pertinent user data to conduct CNP fraud.
  • Identification and Passports: Stolen social security numbers, driver’s licenses, birth certificates.
  • Stolen Account Logins: Logins for streaming services, download sites, loyalty accounts, ride sharing accounts, bank accounts.
  • Data and Information: Accounts for 28% of the listed items on the dark web.

However, as the dark web evolves and law enforcement, organizations, and individuals become more aware of fraudulent activity, a light is beginning to be focused on the dark web. That’s the case with Infraud, a long-running cybercrime ring that has been on the dark web for years and reportedly bilked consumers out about half a billion dollars. Just a few weeks ago, the Department of Justice unsealed a widespread indictment against 36 alleged cybercriminals from the United States and six other countries (Australia, the United Kingdom, France, Italy, Kosovo and Serbia), for their participation in the forum. With the motto of “In Fraud We Trust,” Infraud victimized millions, not only across all 50 states, but also worldwide in one of the largest cyber fraud enterprises the Department of Justice had ever prosecuted.

The dark web created a hotbed for criminals to let their fraudster flag fly – selling and purchasing hardware for leveraging cashing machines, troves of stolen identities/credentials, stolen financial and banking information, malware, and other fraud-friendly products. It also served as a business tool for these fraud rings, allowing for the use of anonymous and secure communication without the threat of discovery. According the Department of Justice’s announcement, the Infraud organization caused about $2.2 billion in intended losses, and more than $530 million in actual losses across financial institutions, merchants, and private individuals during the course of its seven-year history.

While this has been one of the largest international crime rings ever taken down, this doesn’t mean companies can let their guard down. This is just the tip of the iceberg, as a number of groups on the dark web continue to operate with sophistication and savvy. Fraud forums are well-oiled machines composed of multiple criminals, not individuals working solo, and merchants of all sizes need to be prepared to address fraud as it evolves. While one fraud ring has taken a hit, there’s no doubt more will crop up to take its place. What’s different this time is more light has been shed on this issue, and businesses should take this as a reminder to make sure their fraud prevention strategies are comprehensive and constantly updated not just to combat today’s fraud, but the fraud of tomorrow.

That’s why new technologies that incorporate a balanced approach to machine learning (supervised and unsupervised), decision engines and domain expertise are essential. The use of sophisticated fraud prevention solutions have emerged to help businesses navigate these challenges and thwart potential risks.

Reserve your seat now for the live webinar, “Not All Machine Learning is Created Equal” on March 15th at 11:00 am PST, to learn more about what differentiates machine learning technologies and to get a sneak preview of Kount’s latest Boost Safety Rating.